D-Link Dir-655 VPN L2TP Problem

By Rob39572

For the life of me I cannot get my D-Link router to allow VPN L2TP outward connections. I have set up all the settings from the other post at http://tinyurl.com/ykxuele but still it does not let VPN L2TP through the router. I have verified it is the router by plugging my Vista 64-bit PC directly in to the internet, and it works. But not in the router. Attempted it on a different PC as well, still failed. Works plugged in to the internet. It keeps failing with an error of "ERROR 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." http://i38.tinypic.com/2vv2iiq.jpg (Image).

Need to get this fixed as soon as possible. Thank you very much if you have any idea how to fix it. I have upgraded the router to the latest firmware with no dice too.

Thanks

Rob

All Answers

probably L2TP IPSec passthrough

by CG IT In reply to D-Link Dir-655 VPN L2TP P ...

L2TP requires some IP protocols to be passed through the router. Some routers don't have L2TP IPsec passthrough, only PPTP [which requires IP protocol GRE 47. Note IP protocol GRE 47 is not a port that can be forwarded].

I believe IPSec requires IP protocol 50 passthrough of the router. If your router doesn't support L2TP IPSec passthrough you're out of luck. Either a firmware upgrade which fixes that problem or a new router that supports L2TP IPSec passthrough is needed.

Also note: both ends need to passthrough the L2TP IPsec IP protocol.

For IKE you need to forward UDP port 500 and IPSec itself is UDP port 1701.

Still no luck.

by Rob39572 In reply to probably L2TP IPSec passt ...

Pic of Port Settings:
http://i36.tinypic.com/14ay8g1.jpg

Pic of Firewall setting:
http://i38.tinypic.com/2zxmcnl.jpg

I enabled all protocols & ports but still no luck. I have included the firewall settings. This D-Link router is one of the best routers of D-Link so I would be shocked if it does not support it.

Thanks for your help and information. If you have any other ideas I am all ears.

Thanks again,

Robert

GRE 47 isn't a port. IPSec 50 isn't a port either

by CG IT In reply to Still no luck.

so you don't forward them to the VPN server.

The application level gateway settings with PPTP and IPSec [VPN] allow the GRE47 and IPSec 50 protocols to "passthrough" the router. PPTP TCP/IP protocol uses port 1723 which needs to be forwarded to your VPN server. UDP port 1701 is for IPSec.

Also note that the VPN server firewall has to allow VPN connections to passthrough.

On the remote access client computer, the router on their end also has to passthrough the PPTP IP protocol GRE 47 and IPSec IP protocol 50, as well as the firewalls allow 1723 for PPTP and 1701 for IPSec.

VPN is end to end so both ends negotiate the types of connections and the security parameters of the connection. In any of the steps, if one end can't negotiate, no connection is made. Routers and firewalls can interfere with this process so that's the place to look. Also the error codes you encounter will help in diagnosing the problem.

Thanks

by Rob39572 In reply to GRE 47 isn't a port. IPSe ...

Thanks for your replies. They are very insightful. I tried two different Netgear routers and same issue. This DIR-655 is advertised as having "Multiple Pass through & L2TP". Still I have not figured it out.

Works like a charm directly plugged in the internet. Demilitarized zoned the IP and it still failed.

Thanks again, Let me know if you happen to think of something more.

Robert

If the problem is with L2TP only but PPTP works

by CG IT In reply to D-Link Dir-655 VPN L2TP P ...

and you get an error code of 789 then it's L2TP passthrough of the router. While 789 indicates a firewall problem, it's the router firewall not allowing L2TP IP protocol 50 from passing through.

Agreed - Wireshark proved that..

by Rob39572 In reply to If the problem is with L2 ...

I just bought a LinkSys WRT610N yesterday. It also failed to forward the ESP packets. It says it has all the types of port forwarding. Other people from the company use NATed routers at home and didn't have to monkey around with port forwarding, yet I am still having an issue. I have tried new cables, routers, and different machines.

I am going to take the Road Runner cable modem and swap that out as that is the last thing that I have not changed out.

While unlikely, I am also going to proof my connection software setup too. Worked directly connected, but not through the router. So I don't think that is the source.

I am using a pre-shared text string key and the "L2TP IPSec VPN" setting in the "Connection Properties" --> Type of VPN.

Thanks for the reply. Hope it is a RR modem issue but unlikely.

BTW LinkSys was unable to help with their "basic" support. They transferred me to a 3rd party vendor and they said "For only 119.99 we can help you with this problem and two others". (Jaw Drop). After a 185.00 router buy they have no advanced support. So much for the good name of Cisco.

Thanks

Rob
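
As an added illustration (not part of any poster's message and not code from this thread), the Python sketch below sorts packets from a client-side capture, such as the Wireshark trace mentioned above, into traffic carried as a bare IP protocol (ESP 50, GRE 47) and traffic on a TCP/UDP port (IKE on UDP 500, NAT traversal on UDP 4500, L2TP on UDP 1701, PPTP control on TCP 1723), then reports where the exchange stops. The addresses, sample packets and function names are constructed for the example.

```python
import struct
from collections import Counter
IP_PROTOS = {50: "ESP", 47: "GRE"}            # protocol numbers: no ports to forward
UDP_PORTS = {500: "IKE", 4500: "NAT-T", 1701: "L2TP"}
TCP_PORTS = {1723: "PPTP-control"}

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by VPN traffic class."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]   # header length in bytes, protocol field
    if proto in IP_PROTOS:
        return IP_PROTOS[proto]
    if proto not in (6, 17) or len(pkt) < ihl + 4:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    table = UDP_PORTS if proto == 17 else TCP_PORTS
    label = table.get(dport) or table.get(sport) or "other"
    if label == "NAT-T":
        # RFC 3948: four zero bytes after the UDP header mean IKE, anything else is ESP-in-UDP
        return "NAT-T/IKE" if pkt[ihl + 8:ihl + 12] == b"\x00" * 4 else "NAT-T/ESP"
    return label

def diagnose(capture, client_ip: str) -> str:
    """Summarise a client-side capture (iterable of raw IPv4 packets)."""
    seen = Counter()
    for pkt in capture:
        src = ".".join(map(str, pkt[12:16]))
        seen[("out" if src == client_ip else "in", classify(pkt))] += 1
    has = lambda d, *labels: any(seen[(d, l)] for l in labels)
    if not has("out", "IKE", "NAT-T/IKE"):
        return "no IKE left the client"
    if not has("in", "IKE", "NAT-T/IKE"):
        return "IKE sent, no reply"
    if has("out", "ESP", "NAT-T/ESP") and not has("in", "ESP", "NAT-T/ESP"):
        return "IKE answered, ESP sent, no ESP returned"
    return "IKE and ESP seen in both directions" if has("in", "ESP", "NAT-T/ESP") else "IKE only, no ESP yet"

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum 0) for the constructed sample below."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))) + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample: IKE exchanged on UDP 500, then native ESP leaves and nothing comes back.
CLIENT, SERVER = "192.168.0.10", "203.0.113.5"
SAMPLE = [ipv4(CLIENT, SERVER, 17, udp(500, 500)), ipv4(SERVER, CLIENT, 17, udp(500, 500)),
          ipv4(CLIENT, SERVER, 50, b"\x00" * 8)]
```

On the constructed sample, `diagnose(SAMPLE, CLIENT)` returns "IKE answered, ESP sent, no ESP returned".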

Solution Found...

by Rob39572 In reply to D-Link Dir-655 VPN L2TP P ...

Thanks for the help. Found the problem, and solution.
In the VPN Properties --> Networking Tab --> Button "IPSec Setting" I had a preshared key entered.
As a result it only worked by wiring the computer directly to the cable modem. Why, I have not a clue.

Solution was to switch from a preshared key to "Use certificate for Authorization" (and enabled "verify the name and usage"), then it worked through a router. (No key)

Why again I have not a clue. But it sure was strange and a pain in the A$$.

Thanks all,

Robert
